THORChain lost $10.7 million after a malicious node exploited a flaw in the GG20 protocol. The attacker used the vulnerability to reconstruct a full private key belonging to one of the network's vaults, draining the funds.
How the GG20 Flaw Was Used
The exploit targeted a weakness in GG20, a distributed key generation scheme used by THORChain. A malicious node took advantage of the flaw to piece together the private key for a specific vault. Once the key was reconstructed, the attacker moved the funds out of the protocol.
The $10.7 million figure represents the total loss from the incident. Investigators are still analyzing how the GG20 vulnerability was triggered and whether other vaults were at risk.
What's Known About the Attacker
The exploit was carried out by a single malicious node on the THORChain network. No names or affiliations have been released. The node's actions were detected after the funds left the vault, but by then the damage was done.
THORChain's team has not publicly commented on the exploit beyond confirming the loss. The protocol remains operational, though users are advised to monitor their positions.
Unanswered Questions
It's unclear whether the GG20 vulnerability has been fully patched, or if other nodes could still exploit it. THORChain has not announced a timeline for a fix. The incident raises broader questions about the security of threshold signature schemes in cross-chain liquidity protocols.
